Fix tests after updating from develop, changes applied for migrating to Spring Boot 2

Nanne Baars 2019-09-23 17:35:04 +02:00
parent 35c1305ce9
commit dad9c75ee0
8 changed files with 10 additions and 9 deletions


@ -13,7 +13,7 @@ import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.owasp.webgoat.plugin.JWTSecretKeyEndpoint;
import org.owasp.webgoat.jwt.JWTSecretKeyEndpoint;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;


@ -74,6 +74,7 @@ public class XXETest extends IntegrationTest {
.get(webWolfUrl("/WebWolf/requests"))
.then()
.extract().response().getBody().asString();
result = result.replace("%20", " ");
result = result.substring(result.lastIndexOf("WebGoat 8.0 rocks... ("),result.lastIndexOf("WebGoat 8.0 rocks... (")+33);
return result;
}
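Review bot: The `substring` call after the `%20` replacement assumes the marker is always present. If `lastIndexOf("WebGoat 8.0 rocks... (")` returns -1, or the body is shorter than the fixed 33-character window, the test fails with a StringIndexOutOfBoundsException instead of a readable message. I would compute the index once and fail explicitly: `int start = result.lastIndexOf("WebGoat 8.0 rocks... (");` followed by `if (start < 0) throw new AssertionError("marker not found in WebWolf requests");`. The `replace("%20", " ")` line also decodes only that one escape, so a comment saying why that is sufficient for this payload would help, as would naming the constant 33. The method begins outside the hunk.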


@ -60,7 +60,7 @@ public class JWTSecretKeyEndpoint extends AssignmentEndpoint {
private static final String WEBGOAT_USER = "WebGoat";
private static final List<String> expectedClaims = Lists.newArrayList("iss", "iat", "exp", "aud", "sub", "username", "Email", "Role");
@RequestMapping(path="/gettoken",produces=MediaType.TEXT_HTML_VALUE)
@RequestMapping(path="/JWT/secret/gettoken",produces=MediaType.TEXT_HTML_VALUE)
@ResponseBody
public String getSecretToken() {
return Jwts.builder()
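Review bot: The `@RequestMapping` on `getSecretToken()` declares no `method`, so the token-issuing endpoint answers every HTTP verb under the new `/JWT/secret/gettoken` path. Assuming the lesson page fetches it with GET, `@GetMapping(path = "/JWT/secret/gettoken", produces = MediaType.TEXT_HTML_VALUE)` would narrow it and match the `@PostMapping` style used on the other endpoints in this commit. The method body continues past the end of the hunk, so the token contents are not reviewed here.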


@ -153,7 +153,7 @@ public class JWTVotesEndpoint extends AssignmentEndpoint {
}
}
@PostMapping("/JWT/votings/reset")
@PostMapping("/JWT/votings")
@ResponseBody
public AttackResult resetVotes(@CookieValue(value = "access_token", required = false) String accessToken) {
if (StringUtils.isEmpty(accessToken)) {
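Review bot: With the mapping shortened to `/JWT/votings`, nothing on `resetVotes` tells a reader that a POST to the collection URL wipes the votes, while the tests in this commit POST to `/JWT/votings/{title}` to cast one. A short Javadoc on the method would make the contract explicit, for example `/** Resets all votes. POST /JWT/votings; the caller is identified by the optional access_token cookie. */`. The method body continues outside the hunk, so the authorisation check itself is not visible here and the wording should be confirmed against it.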


@ -153,7 +153,7 @@ public class JWTVotesEndpointTest extends LessonTest {
Object[] nodes = new ObjectMapper().readValue(result.getResponse().getContentAsString(), Object[].class);
int currentNumberOfVotes = (int) findNodeByTitle(nodes, "Admin lost password").get("numberOfVotes");
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/vote/Admin lost password")
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/Admin lost password")
.cookie(cookie))
.andExpect(status().isAccepted());
result = mockMvc.perform(MockMvcRequestBuilders.get("/JWT/votings")
@ -176,7 +176,7 @@ public class JWTVotesEndpointTest extends LessonTest {
@Test
public void guestShouldNotBeAbleToVote() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/vote/Admin lost password")
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/Admin lost password")
.cookie(new Cookie("access_token", "")))
.andExpect(status().isUnauthorized());
}
@ -188,7 +188,7 @@ public class JWTVotesEndpointTest extends LessonTest {
claims.put("user", "Intruder");
String token = Jwts.builder().signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, JWT_PASSWORD).setClaims(claims).compact();
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/vote/Admin lost password")
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/Admin lost password")
.cookie(new Cookie("access_token", token)))
.andExpect(status().isUnauthorized());
}
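Review bot: The literal `"/JWT/votings/Admin lost password"` is repeated in all three hunks of this test class and had to be edited by hand in each, alongside the separate `"Admin lost password"` passed to `findNodeByTitle`. A single constant such as `private static final String VOTE_URL = "/JWT/votings/Admin lost password";` would keep the guest, intruder and valid-vote tests on the same endpoint the next time the route moves. The first hunk starts and ends inside a test method that is not fully visible.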


@ -41,7 +41,7 @@ public class SqlInjectionLesson10a extends AssignmentEndpoint {
private WebSession webSession;
private String[] results = {"getConnection", "PreparedStatement", "prepareStatement", "?", "?", "setString", "setString"};
@PostMapping("SqlInjectionMitigations/attack10a")
@PostMapping("/SqlInjectionMitigations/attack10a")
@ResponseBody
public AttackResult completed(@RequestParam String field1, @RequestParam String field2, @RequestParam String field3, @RequestParam String field4, @RequestParam String field5, @RequestParam String field6, @RequestParam String field7) {
String[] userInput = {field1, field2, field3, field4, field5, field6, field7};


@ -41,7 +41,7 @@ import java.util.regex.Pattern;
@AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10b-1", "SqlStringInjectionHint-mitigation-10b-2", "SqlStringInjectionHint-mitigation-10b-3", "SqlStringInjectionHint-mitigation-10b-4", "SqlStringInjectionHint-mitigation-10b-5"})
public class SqlInjectionLesson10b extends AssignmentEndpoint {
@PostMapping("SqlInjectionMitigations/attack10b")
@PostMapping("/SqlInjectionMitigations/attack10b")
@ResponseBody
public AttackResult completed(@RequestParam String editor) {
try {


@ -51,7 +51,7 @@ public class SqlInjectionLesson12a extends AssignmentEndpoint {
@Autowired
private WebSession webSession;
@PostMapping("SqlInjectionMitigations/attack12a")
@PostMapping("/SqlInjectionMitigations/attack12a")
@ResponseBody
@SneakyThrows
public AttackResult completed(@RequestParam String ip) {